Threat name in NSM SaaS/NSM On-Prem/Analytics

Description

At times, the firewall drops packets that are reported under “threat name” but have no defined threat name associated with them. This is expected; in that case the name shown is an assigned number such as “Virus-60363”.

Cause

There may be a discrepancy between what Analytics shows and what the firewall shows: a report on your Analytics server may show a randomly assigned number such as “Virus-60363”, while the firewall may show the GAV ID differently.

Resolution

This happens because our Cloud GAV service blocked that packet. Because there are millions of signatures, we do not have names mapped for all of them, so the threat is shown by ID only.

This behavior is to be expected.
